I'm trying to use unix user/group database as security realm of hudson. The linux server is using NIS for user management. My account could login the hudson server via ssh.
And the hudson server is running by user 'hudson' that is also a member of group 'shadow', so hudson could read /etc/shadow. And I tested the configuration using 'test' button, hudson tells me it works well.
But I can't use my unix account and password to login the hudson sever.
And I found below java exception in the log of hudson,
Jan 12, 2011 8:23:42 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication
INFO: Login attempt failed
org.acegisecurity.BadCredentialsException: pam_authenticate failed : Authentication failure; nested exception is org.jvnet.libpam.PAMException: pam_authenticate failed : Authentication failure
at hudson.security.PAMSecurityRealm$PAMAuthenticationProvider.authenticate(PAMSecurityRealm.java:100)
at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
at java.lang.Thread.run(Thread.java:595)
Caused by: org.jvnet.libpam.PAMException: pam_authenticate failed : Authentication failure
at org.jvnet.libpam.PAM.check(PAM.java:105)
at org.jvnet.libpam.PAM.authenticate(PAM.java:123)
at hudson.security.PAMSecurityRealm$PAMAuthenticationProvider.authenticate(PAMSecurityRealm.java:90)
... 18 more
Update on Jan. 17,
The host is RHEL 4.5, and I created user and group shadow, then add hudson into group shadow.
-bash-3.00$ cat /etc/redhat-release
Red Hat Enterprise Linux WS release 4 (Nahant Update 5)
-bash-3.00$ ll /etc/shadow
-r--r----- 1 root shadow 1114 Jan 4 11:37 /etc/shadow
-bash-3.00$ cat /etc/group |grep shadow
shadow:x:44:hudson
I also tried to setup hudson on another RHEL 4.8 host. This time I ran the hudson by root,
kzhu0#pek-wb-rhws4_32:~$ ps -ef|grep hudson
root 18764 29161 0 Jan14 pts/5 00:00:33 /usr/bin/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DHUDSON_HOME=/var/lib/hudson -jar /usr/lib/hudson/hudson.war --logfile=/var/log/hudson/hudson.log --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
kzhu0 22404 18833 0 10:52 pts/2 00:00:00 grep hudson
kzhu0#pek-wb-rhws4_32:~$ cat /etc/redhat-release
But I still don't have luck to get unix user/password group work. And I can't find any pam error message in /var/log/messages and /var/log/secure. It looks like hudson throws the exception before actually using pam to get authentication.
Red Hat Enterprise Linux WS release 4 (Nahant Update 8)
I find the solution after debugging the code of libpam4j that is used by hudson for PAM security realm.
the service name must be 'sshd' in my case, because I want to use NIS to do authentication. RHEL 4.x uses the pam 0.77, it strictly depends on the service name specified by hudson. However my Ubuntu 10.04 accepts any meaningless service name, which uses pam 1.1.1.
the user who runs the hudson must have the permission to read the service file of pam, /etc/pam.d/sshd is the file in my case
In my case, ubuntu 10.04 Ihad to use ssh instead of sshd for the Service Name
I have struggled with this problem for many hours. At the end what worked for me:
1. Add 'hudson' user to root and shadow groups
2. Install sshd (missing in /etc/pam.d).
3. Set PAM service to login.
Then I could login to Hudson with Unix account and execute build as Unix user.
I think point 1 is the one which fixed issue.
Related
I have set up jenkins on GKE using the official helm chart.
I have also created an nginx-ingress controller installation using helm and I am able to access jenkins via https://112.222.111.22/jenkins where 112.222.111.22 is the static IP I am passing to the load balancer.
I am also able to create jobs.
However, when I try to spin up inbound remote agent:
▶ java -jar agent.jar -noCertificateCheck -jnlpUrl https://112.222.111.22/jenkins/computer/My%20Builder%203/slave-agent.jnlp -secret <some_secret>
...
WARNING: Connect timed out
Feb 28, 2020 5:57:18 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: https://112.222.111.22/jenkins/ provided port:50000 is not reachable
java.io.IOException: https://112.222.111.22/jenkins/ provided port:50000 is not reachable
at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:303)
at hudson.remoting.Engine.innerRun(Engine.java:527)
at hudson.remoting.Engine.run(Engine.java:488)
Why is that?
I had similar issue. I have solved it enabling the "Use WebSocket". Jenkins Salve/Agent > Configure > Launch Method > Use WebSocket (enable) > Save.
Might be because port 50000 is not open in the Jenkins master.
You can try to open the port by Creating Inbound rule in Jenkins Master's firewall which allows Port 50000 (coming from other machine in this case Agent, hence Inbound rule).
Try following steps:
Go to Master Jenkins.
Open Wiindows Defender Firewall--> Advance setting --> create Inbound Rule allow port 50000
Note: In 1 inbound rule you can allow more than one port as shown in below.
Restart master Jenkins service.
Check if (step is valid only if you have created windows service on agent) agent service is running continuously.
Check Agent status in Jenkins !
looks like port 50000 is not open in the jenkins master. Try to open the port and restart the machine and instance ( i.e jenkins via url ) and see if it helps.
I want to setup a small POC remote area with 1x master (192.168.60.99) and 1x worker (192.168.60.98) using bazel-buildfarm. Both are CentOS 7 machines provisioned with Vagrant. When connection from a Ubuntu workstation (third machine) in the network, the following error occurs:
$ bazel build --verbose_failures //projects/myproj:app
Starting local Bazel server and connecting to it...
INFO: Options provided by the client:
Inherited 'common' options: --isatty=1 --terminal_columns=229
INFO: Reading rc options for 'build' from /home/user/tests/ecommerce/.bazelrc:
'build' options: --strategy=TypeScriptCompile=worker --strategy=AngularTemplateCompile=worker --symlink_prefix=dist/ --define=compile=legacy --incompatible_strict_action_env --experimental_allow_incremental_repository_updates --distdir=third_party/_distdir
INFO: Reading rc options for 'build' from /home/user/.bazelrc:
'build' options: --spawn_strategy=remote --genrule_strategy=remote --strategy=Javac=remote --strategy=Closure=remote --remote_executor=192.168.60.99:8980
INFO: Writing tracer profile to '/home/user/.cache/bazel/_bazel_user/24700f1ad3e201a00a1c26bd59dc6502/command.profile.gz'
INFO: Invocation ID: 569b59ca-edcb-4922-92a0-b6f0b5ca2819
ERROR: Failed to query remote execution capabilities: UNAVAILABLE: io exception
The network connection is working and I even can connect to Bazel using telnet:
telnet 192.168.60.99 8980
Trying 192.168.60.99...
Connected to 192.168.60.99.
Escape character is '^]'.
.bazelrc file of the third Ubuntu machine:
$ cat ~/.bazelrc
build --spawn_strategy=remote --genrule_strategy=remote --strategy=Javac=remote --strategy=Closure=remote --remote_executor=192.168.60.99:8980
Buildfarm setup
Both got a clon of the buildfarm git repo. The example config files were used. Just on the server I replaced localhost by 192.168.60.99 (master server ip).
I know that bazel run is not recommended. But in lack of better alternatives that works, my idea is to get the documented way working first (Bazel itself doesn't mention any alternative). Since not even bazel run works, I think that something is wrong with my installation.
All machines use version 1.1.0, which is the latest stable one at the time of writing. It's definitely an issue with bazel-buildfarm, since the local build works fine on the Ubuntu machine.
Master server
bazel run //src/main/java/build/buildfarm:buildfarm-server $(pwd)/examples/server.config.example
Worker
bazel run //src/main/java/build/buildfarm:buildfarm-operationqueue-worker $(pwd)/examples/worker.config.example --distdir ~/distdir/
The distdir is a workaround for our company proxy, that manipulates files with MITM attacks. Since Bazel doesn't allow this, I downloaded the affected file for it's jdk manually:
[vagrant#localhost bazel-buildfarm]$ l ~/distdir/
total 188M
-rw-rw-r--. 1 vagrant vagrant 188M Jan 17 2019 zulu11.2.3-jdk11.0.1-linux_x64.tar.gz
If Bazel >= 1.0 is used , we need to specify the protocol grpc in .bazelrc like this:
--remote_executor=grpc://192.168.60.99:8980
Without the protocol, the UNAVAILABLE: io exception occurs. There is currently no documentation about this issue.
Recently, I've deployed my JSP project into Openshift server. Now my wish is to see the Console log.
Suppose, if I print System.out.println("Message"); into my JSP project, how do I see that message printed into Console log in Openshift server?
EDITED:
DL is deprecated, please use Fiddle
rajendra # http://code-programmersplace.rhcloud.com/
(uuid: 54d19a5be0b8cd9bf9000082)
-------------------------------------------------
Domain: programmersplace
Created: Feb 04 9:34 AM
Gears: 1 (defaults to small)
Git URL: ssh://54d19a5be0b8cd9bf9000082#code-programmersplace.rhcloud.com/~/gi
t/rajendra.git/
SSH: 54d19a5be0b8cd9bf9000082#code-programmersplace.rhcloud.com
Deployment: auto (on git push)
jbossews-2.0 (Tomcat 7 (JBoss EWS 2.0))
---------------------------------------
Gears: 1 small
You have access to 1 application.
C:\Users\rajendra>
The first thing you need is to connect via SSH to your application on OpenShift. If the name of your app is awesome, run the following command:
rhc ssh -a awesome
If you've forgotten the name of your application, execute rhc apps in order to see your current apps. See the lines with something similar to hereisthename # http://... or .../~/git/hereisthename.git/.
Once you're connected via SSH, you can see the log using the tail command:
Tomcat 7 (JBoss EWS 2.0)
tail -f -n 100 app-root/logs/jbossews.log
JBoss Application Server 7
tail -f -n 100 app-root/logs/jbossas.log
The OpenShift Client Tools are required. See Installing the OpenShift Client Tools. See also Getting Started with OpenShift Online.
RELATED: rhc ssh [No system SSH available] error
Problem: Recieve 'Could not connect' error when using Openshift to deploy .war for PHP/Java bridge
Below I describe every step I've taken to get to this error, thanks in advance.
Full error: (IP concealed)
"Fatal error: Uncaught Could not connect to the JEE server W.X.Y.Z:8080. Please start it. Or define('JAVA_HOSTS',9267); define('JAVA_SERVLET',false); before including 'Java.inc' and try again. Error message: Connection refused (111) thrown in /home/stevenw1/public_html/softwareProject/real/inc/Java.inc on line 989"
Players: "Java_Bridge.war" = my java .war file that php will use to call methods from
"W.X.Y.Z" = Unchanging IP address of deployed .war file
"GUIProfile" = a Java class with #WebServlet("/GUIProfile") as public class GUIProfile extends HttpServlet
"tomcattest.php" = test file that calls GUIProfile's static method 'validate'
Deployed Java_Bridge.war and tomcattest.php work fine on my local tomcat, just not yet on Openshift.
Senario:
0. followed command line steps from Openshift 2012 java tomcat application
1. Using Openshift's rhc I have created my first app using "rhc app create -a tomcat6 -t jbossews-1.0"
2. cd ~/tomcat6/; git rm -rf ./src/ pom.xml
3. cp ~/Java_Bridge.war ./webapps/; git add ./webapps/Java_Bridge.war; git commit -m "first try"; git push
//notable output includes:
remote: Stopping jbossews cartridge
remote: Sending SIGTERM to jboss:386662 ...
remote: Skipping Maven build due to absence of pom.xml
remote: Preparing build for deployment
remote: Deployment id is bd83d6eb
remote: Activating deployment
remote: + '[' Java_Bridge.war ']'
remote: Starting jbossews cartridge
remote: Found W.X.Y.Z:8080 listening port //(not actual IP)
remote: Git Post-Receive Result: success
remote: Activation status: success
remote: Deployment completed with status: success
to ssh://thisisnottheactualuser#tomcat6-notthenamehereeither.rhcloud.com
4. Thinking the .war was deployed I ran a tomcattest.php that calls a java method 'validate', from java class GUIProfile that extends httpservlet, using the php/java bridge Java.inc
//of course using the same IP from above...
cat tomcattest.php;
<?php
define("JAVA_HOSTS", "W.X.Y.Z:8080");
define("JAVA_SERVLET", "/Java_Bridge/GUIProfile");
require_once("Java.inc");
$valiationOutput = java_context()->getServlet()->validate("hello");
echo $valiationOutput;
?>
EDIT: later tried this also in all instances: same results exactly
cat alternatetest.php
<?php
define("JAVA_HOSTS", "W.X.Y.Z:8080");
require_once("Java.inc");
echo java("java.lang.System")->getProperties();
?>
The output of calling tomcattest.php is the 'Fatal error' you see at the top.
Double Check:
5. ssh thisisnottheactualuser#tomcat6-notthenamehereeither.rhcloud.com
6. env | grep "IP"
OPENSHIFT_JBOSSEWS_IP=W.X.Y.Z
7. env | grep "PORT"
OPENSHIFT_JBOSSEWS_HTTP_PORT=8080
OPENSHIFT_JBOSSEWS_JPDA_PORT=8787
8. changed port in tomcattest.php to 8787, didn't change a thing of course.
9. restarted from the top, this time keeping ./src/ & pom.xml, same 'Deployment completed with status: success', same error using tomcattest.php with new listening IP...
10. tried solution from 'openshift youtube vid 2012' seemingly outdated. Followed step by step:
onced ssh'ed, no "tomcat" dir, I used cd $OPENSHIFT_DATA_DIR instead to access data dir
wget tomcat, changed ports to >15000, sh startup.sh && tail -f ../logs/*
notable errors in the result include:
SEVERE: Failed to initialize connector [Connector[AJP/1.3-15009]]
org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[AJP/1.3-15009]] SEVERE: Failed to initialize connector
[Connector[AJP/1.3-15009]] org.apache.catalina.LifecycleException:
Failed to initialize component [Connector[AJP/1.3-15009]] SEVERE:
Failed to initialize end point associated with ProtocolHandler
["ajp-bio-15009"] java.net.BindException: Permission denied
:15009 SEVERE: Failed to initialize end point associated with
ProtocolHandler ["ajp-bio-15009"] java.net.BindException: Permission
denied :15009
11. restarted step 6, this time left IP's as they were, changing only localhost to tomcat-stevenwernercs.rhcloud.com, same result but with original IP's
12. ran out of options online, then I posed this question...
13. then I edited it a lot...
14. patiently wait :)
That is everything I have done, I am not sure why php isnt finding Java.
I looked at previous questions didn't find anything helpful.
Open to anything, thank you
Gears in a non-scable application are not allowed to communicate on any non http/ws port. So if your php java bridge is trying to communicate with the tomcat instance on 15009 (from what i see above) that is not going to work. You could only make requests on 80/443/8000/8443. Can you verify what port the java bridge works over?
Alternate solution: https://bitnami.com/cloud
I got it working using Bitnami with Amazon AWS, it provides free service for 1 year, documentation that is easy to follow, and plentiful and up to date, It took less than an hour.
Disclaimer: Using ssh tunnel for port 8080 i configured tomcat as if on localhost, and moved my hosted .php to the
same microserver that also hosted the tomcat. (I gave up on trying to host php and tomcat separately.)
I have hosted tomcat separately before on my university's tomcat server. But that was a node I had full access to.
I would still like to try Openshifts free solution, although the current resources and methods I've seen seem to no longer be valid. And unfortunately the workarounds are not intuitive enough and are currently over my head. Thank you.
I am trying to deploy a simple WebService in Netbeans 6.7.1 and Glassfish v2.1.1 and am getting the following error. I am using GlassfishESBv2.2 and windows 7 machine. I have tried googling and implemented things as shown in
http://forums.netbeans.org/topic10055-0-asc-0.html . Still unable to deploy. Though the message says that application server is not started, from the Server tab , I am able to see a message which indicates Glassfish has started.Also , doing a netstat after trying to deploy returns this, which means that Glassfish is running.
C:>netstat -an | findstr "4848"
TCP 0.0.0.0:4848 0.0.0.0:0 LISTENING
I have been trying real hard to get this resolved. Any help is highly appreciated.
Error Message :
The Sun Java System Application Server could not start.
More information about the cause is in the Server log file.
Possible reasons include:
- IDE timeout: refresh the server node to see if it's running now.
- Port conflicts. (use netstat -a to detect possible port numbers already used by the operating system.)
- Incorrect server configuration (domain.xml to be corrected manually)
- Corrupted Deployed Applications preventing the server to start.(This can be seen in the server.log file. In this case, domain.xml needs to be modified).
- Invalid installation location.
C:\Users\xyz\Documents\NetBeansProjects\HWebService\nbproject\build-impl.xml:564: Deployment error:
The Sun Java System Application Server could not start.
More information about the cause is in the Server log file.
Possible reasons include:
- IDE timeout: refresh the server node to see if it's running now.
- Port conflicts. (use netstat -a to detect possible port numbers already used by the operating system.)
- Incorrect server configuration (domain.xml to be corrected manually)
- Corrupted Deployed Applications preventing the server to start.(This can be seen in the server.log file. In this case, domain.xml needs to be modified).
- Invalid installation location.
See the server log for details.
BUILD FAILED (total time: 29 seconds)
I've described the solution please visit here...
http://forums.netbeans.org/post-65058.html